The latest victim of systemd's PrivateTmp…

Rick Stevens ricks at alldigital.com
Tue Jan 15 01:44:39 UTC 2013 

On 01/14/2013 05:38 PM, Sam Varshavchik issued this missive:
> Rick Stevens writes:
>
>> On 01/14/2013 05:15 PM, Sam Varshavchik issued this missive:
>>> Tom Horsley writes:
>>>
>>>> On Mon, 14 Jan 2013 08:32:19 -0500
>>>> Sam Varshavchik wrote:
>>>>
>>>> > … appears to be Apache. After installing the most recent
>>>> systemd
>>>> update:
>>>> >
>>>> > systemd[1429]: Failed at step NAMESPACE spawning /usr/sbin/httpd:
>>>> Operation
>>>> > not permitted
>>>>
>>>> I just installed updates (and rebooted) this morning and apache seems
>>>> to be running
>>>> fine on my desktop. I've got systemd-44-23.fc17.x86_64
>>>
>>> Yeah, some of my other machines seems to have survived. But all I know,
>>> is that on a stripped down, headless box, this update broke Apache,
>>> until I took out PrivateTmp out of httpd.service. Only systemd was
>>> updated, apache wasn't. That's all I can figure out for now. The error
>>> message text wasn't very helpful, and googling it around found a bunch
>>> of references to PrivateTmp, so I took it out, and systemctl start
>>> httpd.service worked. Put it back, systemd refuses to start it, take it
>>> out, it works.
>>
>> Did you check to see if you have any selinux log entries pertaining to
>> this? "Operation not permitted" smells selinux-ishy to me.
>
> This stripped down box does not use selinux.
>
> Jan 14 06:54:40 shorty kernel: [    3.219771] SELinux:  Disabled at
> runtime.
> Jan 14 06:54:40 shorty kernel: [    3.249018] type=1404
> audit(1358164472.135:2): selinux=0 auid=4294967295 ses=4294967295
>
> /etc/selinux/config has SELINUX=disabled
>
> The only thing that comes to mind that I have non-standard is:
>
> [root at shorty ~]# ls -al /var/www
> lrwxrwxrwx. 1 root root 11 Apr 19  2011 /var/www -> ../home/www
>
> But if this caused some unfathomable problem with systemd's PrivateTmp,
> I'd expect apache to barf, instead of systemd whining.

That isn't a broken link, is it, or some permissions issue where
systemd (or Apache) doesn't have access to /home/www? I can see /var/www
being a symlink to /home/<someuser>/www or even /home/www, but does
the apache user have write access to it?
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks at alldigital.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-    "Hello. My PID is Inigo Montoya.  You `kill -9'-ed my parent    -
-                     process.  Prepare to vi."                      -
----------------------------------------------------------------------

More information about the users mailing list